Dompdf Security Vulnerabilities and Issues — Dompdf CVE List

Lucene search

Dompdf ProjectDompdf

4 matches found

CVE•added 2022/04/03 3:15 a.m.•117 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).

9.8CVSS9.5AI score0.57957EPSS

CVE•added 2022/06/28 3:15 p.m.•92 views

CVE-2022-0085

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

5.3CVSS4.7AI score0.00563EPSS

CVE•added 2022/09/25 7:15 p.m.•87 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

7.5CVSS7.4AI score0.70078EPSS

CVE•added 2022/07/18 3:15 p.m.•79 views

CVE-2022-2400

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

5.3CVSS5.6AI score0.00236EPSS